https://vulnerability.circl.lu/sightings/feed 2026-05-31T12:23:41.812528+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f5597609-ee21-4394-a586-4951e98f216b/export 2026-05-31T12:23:42.083689+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f5597609-ee21-4394-a586-4951e98f216b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22907", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113838818205014386", "content": "", "creation_timestamp": "2025-01-16T15:48:40.299965Z"} 2025-01-16T15:48:40.299965+00:00 https://vulnerability.circl.lu/sighting/f5131460-b2e4-4b00-9d3a-0f90c15aef64/export 2026-05-31T12:23:42.083621+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f5131460-b2e4-4b00-9d3a-0f90c15aef64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2290", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2290\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content.\n\ud83d\udccf Published: 2025-03-19T04:21:05.815Z\n\ud83d\udccf Modified: 2025-03-19T04:21:05.815Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f64dbf2-b75a-4a35-9b4e-413b8fd1fff0?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3257328/lifterlms/trunk/includes/class.llms.ajax.handler.php", "creation_timestamp": "2025-03-19T04:48:47.000000Z"} 2025-03-19T04:48:47+00:00 https://vulnerability.circl.lu/sighting/518abb06-e8fb-40fe-bf0c-4ff6102864bb/export 2026-05-31T12:23:42.083548+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "518abb06-e8fb-40fe-bf0c-4ff6102864bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2290", "type": "seen", "source": "https://t.me/cvedetector/20624", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2290 - LifterLMS WordPress Plugin Unauthenticated Post Trashing Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2290 \nPublished : March 19, 2025, 5:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:41.000000Z"} 2025-03-19T07:57:41+00:00 https://vulnerability.circl.lu/sighting/3032e157-e152-4475-a1f7-3556170c996b/export 2026-05-31T12:23:42.083481+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3032e157-e152-4475-a1f7-3556170c996b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8230", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22905\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.\n\ud83d\udccf Published: 2025-01-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T15:44:05.771Z\n\ud83d\udd17 References:\n1. https://www.edimax.com/edimax/global/\n2. http://re11s.com\n3. https://github.com/xyqer1/RE11S_1.11-mp-CommandInjection", "creation_timestamp": "2025-03-20T16:18:21.000000Z"} 2025-03-20T16:18:21+00:00 https://vulnerability.circl.lu/sighting/57372fb7-8bb4-432c-8ebc-9d4872b2b031/export 2026-05-31T12:23:42.083414+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "57372fb7-8bb4-432c-8ebc-9d4872b2b031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22903", "type": "seen", "source": "https://t.me/cvedetector/22997", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22903 - TOTOLINK N600R Stack Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22903 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:03.000000Z"} 2025-04-15T22:28:03+00:00 https://vulnerability.circl.lu/sighting/4ec66018-c1f6-43bb-ab57-9618cc12c53b/export 2026-05-31T12:23:42.083344+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4ec66018-c1f6-43bb-ab57-9618cc12c53b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22900", "type": "seen", "source": "https://t.me/cvedetector/23005", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22900 - Totolink N600R Buffer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22900 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:12.000000Z"} 2025-04-15T22:28:12+00:00 https://vulnerability.circl.lu/sighting/069c15a0-6462-4fe3-9567-8a7f72f259c8/export 2026-05-31T12:23:42.083280+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "069c15a0-6462-4fe3-9567-8a7f72f259c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22900", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114348661119837676", "content": "", "creation_timestamp": "2025-04-16T16:48:21.665163Z"} 2025-04-16T16:48:21.665163+00:00 https://vulnerability.circl.lu/sighting/91d2a958-a792-45ef-82af-be798b0db84c/export 2026-05-31T12:23:42.083207+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "91d2a958-a792-45ef-82af-be798b0db84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22903", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12137", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.\n\ud83d\udccf Published: 2025-04-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T18:33:46.384Z\n\ud83d\udd17 References:\n1. https://github.com/xyqer1/TOTLINK-N600R-setWiFiWpsConfig-StackOverflow", "creation_timestamp": "2025-04-16T18:56:16.000000Z"} 2025-04-16T18:56:16+00:00 https://vulnerability.circl.lu/sighting/221a7e04-8919-4dca-84c9-4b15a01e2cd2/export 2026-05-31T12:23:42.083118+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "221a7e04-8919-4dca-84c9-4b15a01e2cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-7d94594b-ae20c1dc5483d2a2", "content": "", "creation_timestamp": "2025-10-11T06:19:01.060954Z"} 2025-10-11T06:19:01.060954+00:00 https://vulnerability.circl.lu/sighting/a4c86760-e9e3-4d1a-a362-95233954c4e9/export 2026-05-31T12:23:42.080814+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a4c86760-e9e3-4d1a-a362-95233954c4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "seen", "source": "MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a", "content": "", "creation_timestamp": "2025-10-14T10:31:56.000000Z"} 2025-10-14T10:31:56+00:00